In recent
surveys, network administrators and IT managers cited the following top issues
with their existing firewall:
· Poor visibility into network applications, risks, and threats
· Concerns about protection from the latest ransomware and attacks
· Lack of any response or assistance when there is a threat on the network
When selecting a shortlist
for your next firewall, it can be challenging to even know where to start.
You’ll want to begin by identifying your key requirements. Once you’ve
established those, it’s a daunting task to wade through vendor websites and
datasheets to determine which firewall can not only meet your needs, but
actually do what it claims.
“Sophos has compiled a guide that will help you choose the right solution for your organisation so you don’t end up with firewall buyer’s remorse. It covers all the features and capabilities you should consider when evaluating your next firewall purchase. We’ve also included important questions to ask your IT partner or vendor to ensure the product will meet your needs,” says Andre Kannemeyer, CTO at Duxbury Networking, local distributor of Sophos technology.
The perfect storm in network security: encryption
Ever-increasing encrypted traffic flows have created a perfect storm, with dire consequences. Consider these important facts:
· 90% of internet traffic is now TLS encrypted
· 50% of malware, PUA, and hacker servers are utilising encryption to avoid detection
· Most organisations are not inspecting encrypted traffic
“When we ask organisations why they are not inspecting encrypted traffic, they cite performance as the number one reason. TLS inspection is simply too resource intensive for most firewalls to keep up with the huge volume of encrypted traffic. The second major reason for not inspecting encrypted traffic is that it tends to cause usability issues; it breaks the internet,” says Kannemeyer.
This fundamental challenge with encryption, and the inability of most firewalls to address it, creates a variety of other issues: loss of visibility into risky behaviour and content, compliance gaps, and weaker protection from ransomware, attacks, and breaches. In effect, uninspected encrypted traffic is the root cause of many of today’s top network security challenges. Unfortunately, most networks are simply turning a blind eye to most of the traffic passing through them. This is no longer necessary: there is a very effective way to deal with this challenge.
Top critical capabilities
To solve your top challenges with network visibility, protection,
and response to threats, here are four must-have critical capabilities you need
in your next firewall, that are likely missing today:
· TLS 1.3 inspection – 90% of internet traffic is now encrypted and that number is growing, so it’s critical that your next firewall includes TLS 1.3 inspection. Perhaps more importantly, it must provide the intelligence and performance to do it efficiently, without becoming a bottleneck or forcing you to buy a much more expensive firewall than you really need. Not all encrypted traffic requires inspection, and not all encrypted traffic supports it (applications that pin their server certificate, for example, will simply fail when the firewall substitutes its own). Your next firewall must support all the latest standards and cipher suites. It must also have intelligent exceptions built in so it can be selective about which traffic to inspect, while providing tools to easily identify problematic sites and add exceptions on the fly. It should also offer adequate performance to deal with an ever-increasing volume of encryption, both today and into the future.
· Zero-day threat protection – Threats are constantly evolving. The ransomware variant used to attack an organisation tomorrow will almost certainly be different from the one used yesterday. This is the nature of the current threat landscape. Your next firewall must have artificial intelligence based on multiple machine learning models, plus sandboxing with advanced exploit detection and crypto-guard ransomware detection, to identify the latest zero-day threats and stop them before they get on your network.
· FastPath application acceleration – About 80% of the traffic on your network likely comes from approximately 20% of your apps. These elephant flows are typical of meeting and collaboration tools, streaming media, and VoIP. Such large traffic flows are both resource-intensive to inspect and require optimal performance for a good user experience, creating an enormous challenge. Your next firewall should be able to recognise these trusted traffic flows and offload them, providing optimal performance for them and creating added performance headroom for traffic that needs deeper packet inspection.
· Integration with other cybersecurity products – It’s no longer enough for IT security products to work in isolation. Today’s sophisticated attacks require multiple layers of protection, all working in coordination and sharing information to provide a synchronised response. Your next firewall should integrate with other systems like your endpoint protection to share important threat intelligence and telemetry. This will allow both systems to work better together and coordinate a defence when you come under attack. These systems should also share a common management interface to make deployment, day-to-day management, and cross-product threat hunting and reporting easier.
These four capabilities will ensure the top problems with your current firewall will be a thing of the past, and power your network protection well into the future.
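As an added illustration (not Sophos code, and not part of the original guide), the Python sketch below shows how the two technical capabilities above, selective TLS inspection with exceptions and FastPath offload of trusted elephant flows, can be expressed as policy: a per-flow decision function that checks every exception before committing to decryption, a failure counter that suggests new exceptions on the fly, and an 80/20 top-talker calculation that picks offload candidates. All flow records, application names, categories, domains and thresholds are constructed for the example.

```python
"""Toy flow-policy engine: selective TLS inspection with an exclusion list
(plus a counter that suggests new exceptions when a site keeps failing
decryption) and FastPath offload of trusted "elephant" applications.
Every name, category, domain and sample flow here is constructed for the
example; this is not Sophos code."""
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

SUPPORTED_TLS = {"1.2", "1.3"}  # versions this toy inspector can decrypt


@dataclass
class Flow:
    sni: str          # server name from the TLS ClientHello ("" if none)
    dst_port: int
    app: str          # application as identified by the firewall
    category: str     # web category of the destination
    tls_version: str  # "" for non-TLS traffic
    bytes_seen: int = 0


@dataclass
class Policy:
    trusted_apps: set           # offloaded to the FastPath, never decrypted
    bypass_categories: set      # e.g. banking/health: decrypt nothing here
    exclusions: list            # vendor-maintained wildcard patterns (assumed format)
    failure_threshold: int = 3  # handshake failures before suggesting an exception
    failures: dict = field(default_factory=dict)
    suggested_exceptions: list = field(default_factory=list)


def decide(policy: Policy, flow: Flow) -> str:
    """Return one of: fastpath, inspect, bypass, decrypt.

    Order matters: trusted apps are offloaded before any TLS logic runs,
    and every exception is checked before we commit to decrypting."""
    if flow.app in policy.trusted_apps:
        return "fastpath"
    if not flow.tls_version:
        return "inspect"            # cleartext: ordinary deep packet inspection
    if flow.category in policy.bypass_categories:
        return "bypass"
    patterns = policy.exclusions + policy.suggested_exceptions
    if any(fnmatchcase(flow.sni, pat) for pat in patterns):
        return "bypass"             # pinned or otherwise undecryptable site
    if flow.tls_version not in SUPPORTED_TLS:
        return "bypass"             # can't decrypt it; still logged for the dashboard
    return "decrypt"


def record_handshake_failure(policy: Policy, sni: str) -> bool:
    """Count decryption failures per site and auto-suggest an exception once the
    threshold is hit. Returns True only at the moment a new suggestion is added."""
    count = policy.failures.get(sni, 0) + 1
    policy.failures[sni] = count
    if count >= policy.failure_threshold and sni not in policy.suggested_exceptions:
        policy.suggested_exceptions.append(sni)
        return True
    return False


def elephant_apps(flows, share=0.8):
    """Smallest set of applications (largest first) carrying at least `share`
    of all bytes: the FastPath offload candidates from the 80/20 observation."""
    totals = {}
    for f in flows:
        totals[f.app] = totals.get(f.app, 0) + f.bytes_seen
    grand_total = sum(totals.values())
    picked, acc = [], 0
    for app, nbytes in sorted(totals.items(), key=lambda kv: kv[1], reverse=True):
        picked.append(app)
        acc += nbytes
        if acc >= share * grand_total:
            break
    return picked


def decisions(policy: Policy, flows) -> list:
    return [decide(policy, f) for f in flows]


# Constructed sample: one minute of flows on a small office network.
SAMPLE_FLOWS = [
    Flow("meet.example", 443, "meeting-app", "collaboration", "1.3", 900_000_000),
    Flow("stream.example", 443, "streaming", "media", "1.3", 600_000_000),
    Flow("mail.example", 443, "webmail", "email", "1.2", 80_000_000),
    Flow("updates.pinned.example", 443, "updater", "software", "1.3", 50_000_000),
    Flow("login.bank.example", 443, "browser", "banking", "1.3", 20_000_000),
    Flow("", 25, "smtp", "email", "", 30_000_000),
    Flow("legacy.example", 443, "browser", "misc", "1.0", 5_000_000),
]

POLICY = Policy(
    trusted_apps={"meeting-app", "streaming"},
    bypass_categories={"banking", "healthcare"},
    exclusions=["*.pinned.example"],
)

if __name__ == "__main__":
    for f, d in zip(SAMPLE_FLOWS, decisions(POLICY, SAMPLE_FLOWS)):
        print(f"{f.app:12} {f.sni or '-':24} tls={f.tls_version or '-':4} -> {d}")
    print("FastPath candidates:", elephant_apps(SAMPLE_FLOWS))
    # A site that keeps failing after decryption becomes a suggested exception.
    for _ in range(3):
        record_handshake_failure(POLICY, "app.other.example")
    print("suggested exceptions:", POLICY.suggested_exceptions)
```

The ordering inside decide is the practical point: trusted flows never reach the decrypt path at all, and category, exclusion-list and version checks all run before decryption is attempted, which is what keeps pinned applications and sensitive categories from breaking. The failure counter is the simplest possible version of the "identify issues and add exceptions on the fly" tooling the guide asks vendors about; a real product would key on certificate and handshake error codes rather than a bare count.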
Critical capabilities and questions to ask your vendor

TLS 1.3 inspection: provides visibility into the growing volume of encrypted traffic traversing networks.
Questions to ask your vendor:
· Does your TLS inspection support the latest 1.3 standard?
· Does it work across all ports and protocols?
· Is it streaming-based or proxy-based?
· What is the performance impact?
· Does it provide dashboard visibility into encrypted traffic flows?
· Does it provide dashboard visibility into sites that don’t support decryption?
· Does it provide simple tools to add exceptions for problematic sites?
· Does it come with a comprehensive exclusion list?
· Who maintains the list, and is it updated periodically?

Zero-day threat protection: protection from the latest unknown threats using machine learning and sandboxing.
Questions to ask your vendor:
· Does your firewall include technology to detect previously unseen threats?
· Does it use machine learning to analyse files?
· How many machine learning models are applied?
· Does your solution include sandboxing?
· Does the sandboxing allow the file through while it’s being analysed?
· Does the sandboxing solution run on-premises or in the cloud?
· Does the sandboxing solution include leading endpoint protection technology to identify threats like ransomware in the sandbox environment?
· What endpoint technology is used to assist in sandboxing?
· What kind of reporting is provided on-box (versus a separate reporting product)?
· What kind of dashboard visibility is provided?

FastPath application acceleration: offloading trusted application traffic to a FastPath to improve performance and reduce overhead.
Questions to ask your vendor:
· Does your firewall support FastPath acceleration of trusted traffic and elephant flows?
· Is it done in software or hardware?
· How are applications identified for FastPath acceleration?
· What policy tools are provided to admins to control which applications are offloaded?
· Are any signatures provided out of the box to accelerate and FastPath some applications?
· Are your FastPath packet flow processors programmable, upgradable, and futureproof?

Integration with other security products: integration is essential to provide adequate layered protection and sharing of information across products, whether for responding to threats or for forensic investigations and threat hunting.
Questions to ask your vendor:
· Does your firewall integrate with an endpoint technology?
· What information is shared between the two products?
· Is a threat identified by one product shared with the other?
· What is the response when a threat is detected? Can it automatically isolate threats? How does it do this?
· Does the endpoint provide any information on users or application usage to the firewall?
· Can the firewall and endpoint be managed from the same console? Is it cloud-based?
· Can you do cross-product threat hunting (XDR)?
· Does the vendor offer a fully-managed network monitoring and threat response service?
· Does the firewall integrate with any other products such as Wi-Fi, ZTNA, edge devices, or network switches?